Quantstamp 审计 曲线 财务 流动性 采矿

Quantstamp Announcements
August 18, 2020

Quantstamp is happy to announce that we have finished our audit of Curve Finance’s CRV token reward mechanism and CurveDAO. 

Curve Finance is an Automated Market Maker focused on stable asset swaps. Using bonding curves optimized for stable-assets, it minimizes slippage for stablecoin and other stable-pair trades. 

“Curve Finance is a cutting edge decentralized exchange that is also exploring the cutting edge of decentralized governance,” noted Richard Ma, CEO of Quantstamp. “We are excited to help them make sure CurveDAO is secure and ready to take them to the next stage.“ 

“With CRV, we are doing governance token distribution, staking and voting in a new way,” said Michael Egorov, founder of Curve Finance. “Quantstamp worked closely with us to help make sure this new design will work in the field.”

Curve Finance

Launched in January, 2020, Curve’s user adoption has been steady. It currently has over $1B in deposits and processes over $60M of daily volume*.

Users can conduct low-slippage trades on Curve Finance, or provide liquidity to the platform for a portion of trading fees. Through integration with third party DeFi projects such as Yearn Finance, Compound, and Synthetix, liquidity providers also earn extra yield on top of trading fees. This yield comes from lending platform fees and token incentives. 

Liquidity providers can now also claim CRV, the native governance token. 

What is CRV?

CRV is a governance token for CurveDAO, an Aragon DAO that governs the Curve Finance platform. 

Unlike standard on-chain governance systems, Curve’s voting mechanism weights both time and amount staked. Users who lock up their CRV tokens longer have their vote counted more, and so do users who lock up more tokens.

Besides increased voting power, users who lock up their CRV and vote also increase their CRV reward distribution. This incentivizes governance participation.

If you wish to learn how to provide liquidity on Curve to earn CRV, or learn more about the CRV token, the Curve blog has more details. 

CRV Distribution

Curve’s CRV token has a total supply of 3.03 billion, with 62% being distributed through liquidity mining. Users who provide liquidity on Curve Finance will earn a share of these rewards. 

5% of the initial distribution will go to users who have already supplied liquidity on Curve prior to CRV’s launch. The remaining 57% will be distributed going forward. Distribution is decided through the user’s share of the liquidity on Curve, as well as their participation in CurveDAO governance. Curve’s Medium Article has more details on the distribution, staking and voting mechanics of CRV. 

Quantstamp’s audit covered the Vyper smart contracts controlling the token reward mechanism as well as the controller logic used to distribute the tokens. Three engineers, including two PhDs, looked at four Vyper smart contracts: LiquidityGauge, GaugeController, LiquidityGaugeReward, and VestingEscrow from 7-21-2020 through 8-05-2020. Issues found were communicated to Curve, fixes were implemented by them, and we issued the final report 

During the audit, a total of 11 potential issues with varying levels of severity were found: one high-severity, one medium-severity, one low-severity, one undetermined-severity, and seven informational-level findings. Additionally, several best practices recommendations were also made regarding naming, documentation, and other suggestions. Several of the issues, including all high risk issues, were addressed by the Curve team. 

The full audit report can be found on the CurveDAO site here.

*as of August 18th, 2020, according to Curve.fi statistics

About Curve

Curve is an exchange liquidity pool on Ethereum designed for extremely efficient stablecoin trading, and low risk, supplemental fee income for liquidity providers, without opportunity cost.

Curve allows users and smart contracts like 1inch, ParaSwap, Totle and DEX.AG to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.

About Quantstamp

Quantstamp is a leader in blockchain security, having performed over 140 audits and secured over $5 billion of value. Top crypto and enterprise companies including MakerDAO, Chainlink, eToro, and World Economic Forum choose Quantstamp to secure their blockchain applications. 

Quantstamp 公告
2020年8月18日

Quantstamp 很高兴地宣布,我们已经完成了对Curve Finance的CRV代币奖励机制和CurveDAO的审核。 

曲线金融是一款专注于稳定资产互换的自动做市商。它使用针对稳定资产优化的粘合曲线,将稳定币和其他稳定对交易的滑点降到最低。 

"Curve Finance是一家最前沿的去中心化交易所,同时也在探索去中心化治理的前沿,"Quantstamp 的CEO Richard Ma指出。"我们很高兴能帮助他们确保CurveDAO是安全的,并为他们进入下一个阶段做好准备。" 

"通过CRV,我们以一种新的方式进行治理代币发行、打桩和投票,"Curve Finance的创始人Michael Egorov说。"Quantstamp 与我们紧密合作,帮助确保这种新设计能在现场发挥作用。"

曲线金融

2020年1月推出,Curve的用户采用率一直很稳定。目前,它拥有超过10亿美元的存款,日处理量超过6000万美元*。

用户可以在Curve Finance上进行低滑点交易,或者为平台提供流动性,以获得部分交易费用。通过与Yearn Finance、Compound和Synthetix等第三方DeFi项目的整合,流动性提供者还可以在交易费之外赚取额外收益。这个收益率来自于借贷平台费用和代币奖励。 

流动性提供者现在也可以申请CRV,即原生治理代币。 

什么是CRV?

CRV是CurveDAO的治理代币,它是一个阿拉贡DAO,管理着Curve金融平台。 

与标准的链上治理系统不同,Curve的投票机制对时间和押注金额都进行了加权。锁定CRV代币时间较长的用户,其投票数会更多,锁定更多代币的用户也会更多。

除了增加投票权外,锁定CRV并投票的用户也会增加CRV奖励分配。这就激励了治理参与。

如果你想了解如何在Curve上提供流动性来赚取CRV,或者了解更多关于CRV代币的信息,Curve博客有更多细节。

CRV分销

Curve的CRV代币总供应量为30.3亿枚,其中62%是通过流动性挖掘分配的。在Curve Finance上提供流动性的用户将获得这些奖励的份额。 

初期分配的5%将分配给在CRV推出前已经在Curve上提供流动性的用户。剩余的57%将继续分配。分配是通过用户在Curve上的流动性份额,以及参与CurveDAO治理来决定的。Curve的Medium文章中有更多关于CRV的分配、押注和投票机制的细节。

Quantstamp'的审计涵盖了控制代币奖励机制的Vyper智能合约,以及用于分配代币的控制器逻辑。三位工程师,包括两位博士,研究了四个Vyper智能合约。LiquidityGauge、GaugeController、LiquidityGaugeReward和VestingEscrow,从7-21-2020到8-05-2020。发现的问题与Curve沟通,由他们实施修复,我们发布了最终报告 

在审计过程中,共发现了11个严重程度不同的潜在问题:1个高度严重、1个中度严重、1个低度严重、1个未确定严重,以及7个信息层面的调查结果。此外,还就命名、记录等提出了若干最佳实践建议。其中一些问题,包括所有高风险问题,都由曲线小组处理。 

完整的审计报告可以在这里的CurveDAO网站上找到。

*截至2020年8月18日,根据 Curve.fi统计数据

關於曲線

Curve是Ethereum上的一个交易所流动性池,旨在为极高效的稳定币交易,以及低风险,为流动性提供者提供补充费用收入,没有机会成本。

Curve允许用户和1inch、ParaSwap、Totle和DEX.AG等智能合约通过专门为稳定币设计的定制化低滑点、低费用算法在DAI和USDC之间进行交易,赚取手续费。在幕后,流动性池也会提供给Compound协议或yearn.finance,在那里为流动性提供者创造更多的收入。

关于况思探

Quantstamp 是区块链安全领域的领导者,已经进行了超过140次审计,确保了超过50亿美元的价值。包括MakerDAO、Chainlink、eToro和世界经济论坛在内的顶级加密和企业公司都选择Quantstamp ,以确保其区块链应用的安全。 

紧跟Quantstamp ,了解最新的行业趋势↪So_1F6E1↩。
注册我们的时事通讯 ↪So_1F4EC↩。
November 11, 2020

Quantstamp Community Update - October 2020

‍Audit of Ethereum 2.0 client Teku, blockchain insurance, Open DeFi, virtual events, and more media coverage... here’s what happened at Quantstamp in October.‍

November 5, 2020

Why Bitcoin is Capturing Enterprise Attention

MicroStrategy made headlines this summer as the first publicly-traded company to buy Bitcoin as part of its capital allocation strategy. Since then, other companies have followed suit. Learn how current economic conditions and the unique properties of Bitcoin have driven these decisions.

October 28, 2020

Formally Verifying Hedera Hashgraph's Stablecoin Framework

Quantstamp created and formally verified a specification for Hedera Hashgraph stablecoins. This simplifies the process of creating safe stablecoins and also makes easier for partners to safely integrate them.

October 27, 2020

Quantstamp Completes Audit of 2nd ETH 2.0 Implementation

Quantstamp has now completed its audit of Teku, the Ethereum 2.0 client developed by ConsenSys. Quantstamp also audited Prysm by Prysmatic Labs.